Cross-Site Scripting in tecrail Responsive FileManager 9.13.4
CVE-2018-20791

CVSS 3.1 base score: 6.1 (MEDIUM)

Key Information:

Vendor: Tecrail
CVE Published: 25 February 2019

Badges: 👾 Exploit Exists

What is CVE-2018-20791?

tecrail Responsive FileManager 9.13.4 does not adequately sanitize the names of uploaded media files and later renders those names back into its HTML without encoding them. An attacker who can reach the upload function chooses a file name that contains an HTML/JavaScript payload; when the file manager subsequently displays that name (for example in its file listing), the browser of whoever views the page interprets the payload as markup and runs it in the file manager's origin, with that viewer's session. The script therefore inherits the victim's privileges inside the application: it can read what the victim can read and submit actions the victim could submit. The CVSS metrics below (network-reachable, no privileges required, user interaction required, scope changed) describe exactly this stored XSS pattern. The fix is the standard one: validate file names at upload time and, more importantly, encode every file name for the HTML or URL context in which it is output.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Check: these metrics reproduce the 6.1 score only with no availability impact (the usual vector for a stored XSS); the same base metrics with a Low availability impact would score 7.1.

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved